From deb57d0aaf34c9f2ba46992e1f6893d6e35feae7 Mon Sep 17 00:00:00 2001 From: Nickiel12 Date: Sat, 6 Jan 2024 21:23:01 -0800 Subject: [PATCH] generalized not masquerade --- hosts/Alaska/modules/protonvpn.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/Alaska/modules/protonvpn.nix b/hosts/Alaska/modules/protonvpn.nix index 931359e..9b180af 100644 --- a/hosts/Alaska/modules/protonvpn.nix +++ b/hosts/Alaska/modules/protonvpn.nix @@ -34,6 +34,10 @@ in flush chain ip tailscale-wg preraw; delete chain ip tailscale-wg preraw; + add chain ip tailscale-wg postrouting; + flush chain ip tailscale-wg postrouting; + delete chain ip tailscale-wg postrouting; + table ip tailscale-wg { chain preraw { type filter hook prerouting priority raw; policy accept; @@ -44,14 +48,13 @@ in } chain postrouting { type nat hook postrouting priority srcnat; policy accept; - iifname "tailscale0" oifname "protonvpn" ip daddr != 100.64.0.1 masquerade; + iifname "tailscale0" oifname "protonvpn" ip daddr != 100.64.0.0/16 masquerade; } } EOF ${pkgs.wireguard-tools}/bin/wg set protonvpn fwmark off - # ${pkgs.iproute2}/bin/ip route add default via 10.2.0.2 dev tailscale0 table 51820 # table inet tailscale-wg { for ipv4 + ipv6 ${pkgs.iproute2}/bin/ip -4 rule del not fwmark 51820 table 51820 # ${pkgs.iproute2}/bin/ip -6 rule del not fwmark 51820 table 51820 @@ -70,6 +73,10 @@ in flush chain ip tailscale-wg preraw; delete chain ip tailscale-wg preraw; + add chain ip tailscale-wg postrouting; + flush chain ip tailscale-wg postrouting; + delete chain ip tailscale-wg postrouting; + delete table ip tailscale-wg; EOF
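Review bot: The added `add chain` / `flush chain` / `delete chain` triple for `postrouting` (first hunk, and again in the teardown hunk at -70,6 +73,10) has no comment explaining why a chain is created only to be deleted. Suggest a comment above each group, assuming the heredoc is fed to nft: `# add+flush+delete: removes the chain whether or not it already exists, so a re-run does not fail`. In the teardown hunk the triple is immediately followed by `delete table ip tailscale-wg;`, which presumably removes the table's chains on its own, so the per-chain lines there look redundant. The enclosing heredoc starts outside both hunks.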
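Review bot: The new exclusion `ip daddr != 100.64.0.0/16` in `chain postrouting` (second hunk) covers only part of the 100.64.0.0/10 range that Tailscale assigns node addresses from. A packet arriving on `tailscale0` for a tailnet peer outside 100.64.0.0/16 that is routed to `protonvpn` would still be masqueraded and leave through the VPN provider. If the intent is never to NAT tailnet-destined traffic, the line should read `iifname "tailscale0" oifname "protonvpn" ip daddr != 100.64.0.0/10 masquerade;`. Whether this tailnet has peers outside the /16 is not visible in the diff, so check the assigned addresses. The table is declared `ip` only and the `-6` rule in the context is commented out, so IPv6 from `tailscale0` does not appear to be handled by this chain; a comment saying so would help the next reader.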